CVE-2007-2918

Logitech VideoCall - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16511

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/logitechvideocall_start.rb

View Code ZIP pw:eip

References (10)

[US Government Resource] http://www.kb.cert.org/vuls/id/330289

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24254

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34658

[Third Party Advisory, VDB Entry] http://osvdb.org/36820

[Third Party Advisory, VDB Entry] http://osvdb.org/36821

[Third Party Advisory, VDB Entry] http://osvdb.org/36822

[Third Party Advisory, VDB Entry] http://osvdb.org/36823

[Third Party Advisory, VDB Entry] http://osvdb.org/36824

[Third Party Advisory] http://secunia.com/advisories/25514

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2018

Scores

EPSS 0.7529

EPSS Percentile 98.9%

Details

Status published

Products (1)

logitech/videocall

Published Jun 01, 2007

Tracked Since Feb 18, 2026